February 2, 2024

                            February 2, 2024

                February 2, 2024

                        February 2, 2024
Today is an interesting day! I read a report about a threat actor, and for once I'm impressed! This is the first I can remember in which a TA has displayed NEW tradecraft, before researchers have shared it widely. Let's review in this 🧵https://t.co/CA4TwJam7g
— Nick Frichette (@Frichette_n) January 31, 2024

Thread by @Frichette_n on Thread Reader App – Thread Reader App
@Frichette_n: Today is an interesting day! I read a report about a threat actor, and for once I'm impressed! This is the first I can remember in which a TA has displayed NEW tradecraft, before researchers...…

Binance Code and Internal Passwords Exposed on GitHub for Months
A takedown request said the GitHub account was “hosting and distributing leaks of internal code which poses significant risk to BINANCE.”

I tried to sign up for OnlyFans to put my old porn content there. They will not accept your model application/identification unless you have a real name social media presence with “regular” updates clearly showing your face so they can match it to your ID to prove you’re “real.” https://t.co/helIbJ8BJM
— furrygirl (@furrygirl) February 1, 2024

I promise you if this becomes a social media trend I will disappear offline forever pic.twitter.com/z7OXycEU1Q
— Icarus🏴✳ApoIIo Is on T (They/He/Sin/Sol/Rot) (@Sabo_Cat161) January 30, 2024

I can understand why OnlyFans is worried and wants to do this. At the same time, it is incredibly dangerous for the models. Facial recognition search is a thing. If a random obsessive fan uses one to find the real identity of a model they fixate on, things could get very bad very quickly. 
Essentially OnlyFans will not allow new models to stay safe. If this policy is still in place it is only a matter of time before people are hurt or killed. 
For some people OPSEC is not about LARPing being interesting, but about protecting themselves against serious threats. Never underestimate the power of an obsessed individual with the internet and time. 

CISA is requiring all Federal agencies to disconnect Ivanti products by Friday at midnight (Ivanti Connect Secure & Ivanti Policy Secure). This is roughly 48 hours notice, to not patch, but rip it out! Ivanti is an American company. This is unprecedented. https://t.co/cJZRuHHF5o
— Scott Piper (@0xdabbad00) February 1, 2024

I'm excited to share (and use myself!) a Sysinternals ZoomIt feature we're releasing soon called DemoType that has ZoomIt enter your demo input as if you were typing it. Check out this short demo (made entirely with ZoomIt) to see DemoType in action: pic.twitter.com/YJtSImCdoR
— Mark Russinovich (@markrussinovich) February 1, 2024

New from 404 Media: the Instagram ad to investment scam pipeline.

Ads impersonating famous rich people (Bill Ackman, Cramer, Cathie Wood etc) funnel people to WhatsApp groups. Scammers then text you over SMS, encourage to send them money over Cash App https://t.co/vIjxabF0AR pic.twitter.com/IfSw6djidw
— Joseph Cox (@josephfcox) February 1, 2024

🚨Container Breakout Vulnerability 🚨

A fix for the vuln(CVE-2024-21626) with the highest score in runc history has been released. As the maintainer of the OCI Runtime Spec, I strongly suggest you check the correspondence of the vendors you are interested in.

container breakout…
— Toru Komatsu (@utam0k) January 31, 2024

Actually that’s one of the nice things about cryptocurrency. It took a whole class of attackers who were trying to steal your grandmother’s credit card, and refocused them on stealing money from idiots.
— Matthew Green (@matthew_d_green) August 10, 2020

Exclusive: A controversial aide to Bundestag deputy Eugen Schmidt, of Germany's far-right AfD party, is an agent of Russian intelligence. Oh, and his handler raps! https://t.co/76YVIttm0x
— Michael Weiss (@michaeldweiss) February 1, 2024

Thread by @michaeldweiss on Thread Reader App – Thread Reader App
@michaeldweiss: Exclusive: A controversial aide to Bundestag deputy Eugen Schmidt, of Germany's far-right AfD party, is an agent of Russian intelligence. Oh, and his handler raps! theins.press/en/politics/26… As @In...…

“Does Europe even have any counterintelligence capability, or do they just rely on journalists?” — friend

A Startup Allegedly ‘Hacked the World.’ Then Came the Censorship—and Now the Backlash | WIRED
A loose coalition of anti-censorship voices is working to highlight reports of one Indian company’s hacker-for-hire past—and the legal threats aimed at making them disappear.

https://t.co/6lFfnecO9K
— Military Pigeons (@MilitaryPigeons) February 2, 2024

swollen LiPo on a remote island. the ferry comes once a year and has no space for e-waste. 32C/90F everyday, soon it may explode—every building is a flammable thatched hut. “what if we bury it”, then the lithium goes into the ground water? welcome to the end of the supply chain. pic.twitter.com/e4FlIe7RjG
— Kyle McDonald (@kcimc) February 1, 2024

New Phrack 71 Call For Papers just dropped.

Check it out here: https://t.co/783urvqxSk pic.twitter.com/7y7O1pNGdp
— Phrack Zine (@phrack) February 1, 2024

An essay by GENERAL Valerii Zaluzhnyi on how Ukraine's defence struggle should continue. And on the contemporary design of the armed struggle. Find the good mix of technology, modern weapons, political and economic situation. https://t.co/yQXCecygQ0 pic.twitter.com/vnFiXFXHG0
— Lukasz Olejnik, ☕️🥐 (@lukOlejnik) February 2, 2024

https://s3.documentcloud.org/documents/24400154/ukraine-valerii-zaluzhnyi-essay-design-of-war.pdf

                            Don't miss what's next. Subscribe to the grugq's newsletter: